Skip to content
Snippets Groups Projects
  1. Dec 31, 2021
  2. Jun 23, 2021
    • Mark Goddard's avatar
      Use ansible_facts to reference facts · ade5bfa3
      Mark Goddard authored
      By default, Ansible injects a variable for every fact, prefixed with
      ansible_. This can result in a large number of variables for each host,
      which at scale can incur a performance penalty. Ansible provides a
      configuration option [0] that can be set to False to prevent this
      injection of facts. In this case, facts should be referenced via
      ansible_facts.<fact>.
      
      This change updates all references to Ansible facts within Kolla Ansible
      from using individual fact variables to using the items in the
      ansible_facts dictionary. This allows users to disable fact variable
      injection in their Ansible configuration, which may provide some
      performance improvement.
      
      This change disables fact variable injection in the ansible
      configuration used in CI, to catch any attempts to use the injected
      variables.
      
      [0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars
      
      Change-Id: I7e9d5c9b8b9164d4aee3abb4e37c8f28d98ff5d1
      Partially-Implements: blueprint performance-improvements
      ade5bfa3
  3. Jun 16, 2021
  4. Jun 11, 2021
    • Matthias Runge's avatar
      Remove support for panko · ccf8cc5d
      Matthias Runge authored
      the project is deprecated and in the process of being removed
      from OpenStack upstream.
      
      Change-Id: I9d5ebed293a5fb25f4cd7daa473df152440e8b50
      ccf8cc5d
  5. Mar 25, 2021
  6. Dec 22, 2020
  7. Dec 16, 2020
  8. Oct 12, 2020
    • James Kirsch's avatar
      Add support for encrypting backend Neutron API Server · 93ad57f4
      James Kirsch authored
      Add TLS support for backend Neutron API Server communication using
      HAProxy to perform TLS termination. When used in conjunction with
      enabling TLS for service API endpoints, network communication will be
      encrypted end to end, from client through HAProxy to the Neutron
      service.
      
      Change-Id: Ib333a1f1bd12491df72a9e52d961161210e2d330
      Partially-Implements: blueprint add-ssl-internal-network
      93ad57f4
  9. Aug 10, 2020
    • Mark Goddard's avatar
      Mount /etc/timezone based on host OS · 146b00ef
      Mark Goddard authored
      Previously we mounted /etc/timezone if the kolla_base_distro is debian
      or ubuntu. This would fail prechecks if debian or ubuntu images were
      deployed on CentOS. While this is not a supported combination, for
      correctness we should fix the condition to reference the host OS rather
      than the container OS, since that is where the /etc/timezone file is
      located.
      
      Change-Id: Ifc252ae793e6974356fcdca810b373f362d24ba5
      Closes-Bug: #1882553
      146b00ef
  10. Jul 07, 2020
    • Mark Goddard's avatar
      Performance: Run common role in a separate play · 56ae2db7
      Mark Goddard authored
      The common role was previously added as a dependency to all other roles.
      It would set a fact after running on a host to avoid running twice. This
      had the nice effect that deploying any service would automatically pull
      in the common services for that host. When using tags, any services with
      matching tags would also run the common role. This could be both
      surprising and sometimes useful.
      
      When using Ansible at large scale, there is a penalty associated with
      executing a task against a large number of hosts, even if it is skipped.
      The common role introduces some overhead, just in determining that it
      has already run.
      
      This change extracts the common role into a separate play, and removes
      the dependency on it from all other roles. New groups have been added
      for cron, fluentd, and kolla-toolbox, similar to other services. This
      changes the behaviour in the following ways:
      
      * The common role is now run for all hosts at the beginning, rather than
        prior to their first enabled service
      * Hosts must be in the necessary group for each of the common services
        in order to have that service deployed. This is mostly to avoid
        deploying on localhost or the deployment host
      * If tags are specified for another service e.g. nova, the common role
        will *not* automatically run for matching hosts. The common tag must
        be specified explicitly
      
      The last of these is probably the largest behaviour change. While it
      would be possible to determine which hosts should automatically run the
      common role, it would be quite complex, and would introduce some
      overhead that would probably negate the benefit of splitting out the
      common role.
      
      Partially-Implements: blueprint performance-improvements
      
      Change-Id: I6a4676bf6efeebc61383ec7a406db07c7a868b2a
      56ae2db7
  11. Jun 25, 2020
    • Mark Goddard's avatar
      Support CA certificate for fluentd & Elasticsearch · 31f3f848
      Mark Goddard authored
      Currently there is no way to configure a CA certificate bundle file for
      fluentd to Elasticsearch communication. This change adds a new variable,
      'fluentd_elasticsearch_cacert' with a default value set to the value of
      'openstack_cacert.
      
      Closes-Bug: #1885109
      
      Change-Id: I5bbf55a4dd4ccce9fa2635cee720139c088268e3
      31f3f848
  12. Jun 20, 2020
  13. Jun 19, 2020
  14. Apr 30, 2020
    • James Kirsch's avatar
      Add support for encrypting Glance api · f87814f7
      James Kirsch authored
      Add TLS support for Glance api using HAProxy to perform TLS termination.
      
      Change-Id: I77051baaeb5d3f7dd9002262534e7d35f3926809
      Partially-Implements: blueprint add-ssl-internal-network
      f87814f7
  15. Apr 09, 2020
    • Dincer Celik's avatar
      Introduce /etc/timezone to Debian/Ubuntu containers · 4b5df0d8
      Dincer Celik authored
      Some services look for /etc/timezone on Debian/Ubuntu, so we should
      introduce it to the containers.
      
      In addition, added prechecks for /etc/localtime and /etc/timezone.
      
      Closes-Bug: #1821592
      Change-Id: I9fef14643d1bcc7eee9547eb87fa1fb436d8a6b3
      4b5df0d8
  16. Mar 23, 2020
    • Mark Goddard's avatar
      Fix kolla-ansible stop with heterogeneous hosts · 89df07e8
      Mark Goddard authored
      The 'kolla-ansible stop' command can be used to stop the services
      running on hosts. However, if you run this command in an environment
      with heterogeneous nodes (most real world scenarios have at least
      control/compute), then it fails. This is because it only checks
      whether a container is enabled, and not whether the host is in the
      correct group. For example, it fails with nova-libvirt:
      
          No such container: nova_libvirt to stop.
      
      This change fixes the issue by only attempting to stop containers on
      hosts to which they are mapped.
      
      Change-Id: Ibecac60d1417269bbe25a280996ca9de6e6d018f
      Closes-Bug: #1868596
      89df07e8
  17. Mar 18, 2020
  18. Mar 15, 2020
  19. Mar 02, 2020
  20. Jan 10, 2020
    • Mark Goddard's avatar
      CentOS 8: Support variable image tag suffix · 9755c924
      Mark Goddard authored
      For the CentOS 7 to 8 transition, we will have a period where both
      CentOS 7 and 8 images are available. We differentiate these images via a
      tag - the CentOS 8 images will have a tag of train-centos8 (or
      master-centos8 temporarily).
      
      To achieve this, and maintain backwards compatibility for the
      openstack_release variable, we introduce a new 'openstack_tag' variable.
      This variable is based on openstack_release, but has a suffix of
      'openstack_tag_suffix', which is empty except on CentOS 8 where it has a
      value of '-centos8'.
      
      Change-Id: I12ce4661afb3c255136cdc1aabe7cbd25560d625
      Partially-Implements: blueprint centos-rhel-8
      9755c924
  21. Dec 09, 2019
  22. Jun 27, 2019
  23. May 30, 2019
  24. Oct 24, 2018
  25. Jul 25, 2018
  26. May 18, 2018
  27. May 04, 2018
    • ZhijunWei's avatar
      Remove kubetoolbox image from common role · 80ec86f1
      ZhijunWei authored
      Since the kolla-kubernetes has been separated, and nowhere to
      use kubetoolbox, it is safe to remove it from kolla-ansible.
      
      Change-Id: I9aa59d45fa04c13944120f1f99af2361551147ad
      80ec86f1
  28. Mar 26, 2018
    • Eduardo Gonzalez's avatar
      Verify YAML syntax in gates · ea1a1dee
      Eduardo Gonzalez authored
      This patchset implements yamllint test to all *.yml
      files.
      
      Also fixes syntax errors to make jobs to pass.
      
      Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
      ea1a1dee
  29. Sep 28, 2017
    • Tatsuma Matsuki's avatar
      Add fluentd enable option · 03354bc9
      Tatsuma Matsuki authored
      This change adds enable_fluentd option and enables some other log shippers
      to be integrated. When enable_fluentd is "no", syslog server is also disabled.
      Then, this change also adds syslog parameters to use a syslog server
      prepared by users.
      
      Change-Id: I7c83ef7fe30a6b9ab7385bcee953ad07e96b0a83
      Implements: blueprint fluentd-enable-option
      03354bc9
  30. Jul 04, 2017
  31. Jun 13, 2017
    • Eduardo Gonzalez's avatar
      Fix cron restarting issue · 7ac53ec3
      Eduardo Gonzalez authored
      Cron is always restarting due dummy environment
      variable is None.
      This change adds a useless env value.
      
      Change-Id: Iad435bb0671a25bc12c6a6d0d988d555faba76c3
      Closes-Bug: #1697706
      7ac53ec3
  32. May 17, 2017
  33. Jan 24, 2017
    • zhubingbing's avatar
      Add fluentd role · d3d4a933
      zhubingbing authored
      
      * add fluentd role
      * remove heka configure
      
      Co-Authored-By: default avataryangzb09 <yangzb09@qq.com>
      
      Partially-Implements: blueprint add-fluentd-role
      
      Change-Id: Ica804a99f5bb8b157f406299c5982b7b6283b3e3
      d3d4a933
  34. Oct 18, 2016
    • Serguei Bezverkhi's avatar
      Adding kubetoolbox image · 46b41d2f
      Serguei Bezverkhi authored
      This PS adds kubetoolbox image which is required for Kubernetes
      fencing pod. This image includes, kubectl binary, ceph-common and ipmi.
      
      Change-Id: I17b2a47b95ed7dea391f1427a41c92b15c97986d
      Partially-Implements: blueprint kubernetes-toolbox
      46b41d2f
  35. Oct 12, 2016
    • Serguei Bezverkhi's avatar
      Adds Fluentd docker image required for kolla-kube · 74967944
      Serguei Bezverkhi authored
      This PS adds Fluentd docker image to Kolla. Kolla
      currently does not use Fluentd for log collection, but this image
      is required for Kubernetes centralized logging solution.
      
      Change-Id: I719661d75f5044239a1fd52080d322c77490ecae
      Partially_Implements: blueprint kubernetes-images
      74967944
  36. Aug 17, 2016
  37. Aug 02, 2016
    • Ken Wronkiewicz's avatar
      Horizon interface address and memcached override · a6d89f44
      Ken Wronkiewicz authored
      Note: This should not result in any behavior changes in regular Kolla, just
      Kolla-Kubernetes and only when you've overridden stuff in globals.yml
      
      Allows override of interface address and memcached pools, so that Kubernetes
      can do the right thing.
      
      There are some significant architectural issues involved in memcached pooling
      in the Kolla-kubernetes world.  Avoiding them right now.
      
      Current working with this Kolla-Kubernetes globals.yml file:
      
      api_interface_address: "0.0.0.0"
      
      memcached_servers: "memcached"
      
      keystone_database_address: "mariadb"
      keystone_admin_url: "http://keystone-admin:35357/v3"
      keystone_internal_url: "http://keystone-public:5000/v3"
      keystone_public_url: "http://keystone-public:5000/v3
      
      "
      
      Three tings to note:
       * In Kolla-Kubernetes, the service is not using net=host, so a
         0.0.0.0 interface address is totally OK.  That patch has been merged.
       * In Kolla-Kubernetes, the global.yml file doesn't do var substitution
         so you have to be explicit about the URLs, otherwise Keystone will
         look like it was provisioned but it won't quite be provisioned right.
       * In order to not duplicate tons of code, moved the keystone_admin_url /
         keystone_internal_url / keystone_public_url to the common defaults
         from the keystone defaults.
      
      Co-Authored-By: default avatarRyan Hallisey <rhallise@redhat.com>
      Change-Id: I586ce1c6c3300254c4e2a398ff46645df576aeb0
      Partially-implements: blueprint api-interface-bind-address-override
      a6d89f44
  38. May 23, 2016
    • Ryan Hallisey's avatar
      Change ansible image to kolla_toolbox · f5e0a395
      Ryan Hallisey authored
      All the images follow the same naming schema where the container
      name is part of the ansible variable name.  Currently, the
      kolla_toolbox container is named ansible_image_full.  Change
      this to match what the container name is.
      
      Could impact operators who are specifying ansible_image_full
      in globals.yml.
      
      TrivialFix
      
      Change-Id: I9f0cbe4bd69ce17489310a1f5734a254e6ebe27b
      f5e0a395
  39. Mar 09, 2016
    • Éric Lemoine's avatar
      Add cron image and playbook · 32a4cada
      Éric Lemoine authored
      Add cron image and playbook for logrotate.
      
      The "common" Ansible playbook includes configuration files for
      logrotate. At this point the operator cannot customize/override the
      logrotate configuration.
      
      Closes-Bug: #1553244
      Change-Id: Ic9fdda9a273c9ccd90502f0acc7614d2c7157dca
      32a4cada
Loading